forked from libvmi/libvmi
-
Notifications
You must be signed in to change notification settings - Fork 0
/
NEWS
118 lines (111 loc) · 5 KB
/
NEWS
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
Release 0.12
New Features:
Support for ARM on Xen, and ARM raw memory dumps
KVM shared memory shapshot and direct memory access support
Rekall profiles for Windows target config
Support for 64-bit linux raw memory dumps
Ability to disable selected OS support at compile time
Compile-time cache configuration
API enhancements:
Added vmi_step_mem_event for single stepping over mem events
Added vmi_read and vmi_write functions
Added vmi_init_paging to re-init paging mode via API
Allow VMI_PARTIAL init mode for live VMs
Code refactoring:
Significant refactoring in driver and arch modules
Windows code cleanup (for Win8 support)
Fixed some code duplications in read/write modules
Bug Fixes:
Fixed bug in byte-level mem events
Fixed unicode string read function for Windows x64
Fixed initialization bugs
Fixed bounds checking bugs
Fixed some memory leaks
Fixed LRU page tracking in cache
Whitespace cleanup
Reduced compiler warnings
Address XSA-99
Other:
Updated Qemu patch for LibVMI+Qemu
Improved error messages
General improvements to Xen events code
Release 0.10
Build system improvements:
Compiling on OS X now possible
Improved Xen and KVM detection
Ability to build Xen driver without necessity for libxenstore
Test suite for manual use and continuous integration
API enhancements:
Exposure of number of VM VCPUs if known
Exposure of VM address width if known
Windows user-space symbol to virtual address lookup
Custom initialization functions accepting a hashtable rather than
relying upon libvmi.conf
Page table lookup helper function now exposed in public headers
VCPU register modification capabilities
Note: currently only available for Xen VMs
Support for Xen Events (Requires CPU with Intel EPT and Xen version
4.1.2+)
Page-granular memory events
Byte-granular physical address memory events
VCPU single-stepping via the Monitor Trap Flag
MSR write events
Note: requires Xen 4.3
CR0, CR3, CR4 write events
Note: Xen 4.2.0 experienced a regression preventing CR3/CR4 events
from working. Xen 4.2.1+, and Xen 4.1.2 do not suffer from this
issue.
Exposing peparse.h as part of LibVMI to aid in Windows PE validation,
gaining access to the PE headers and the Image Data Directories
entries (the export table is natively supported)
Page mode can now be accessed in partial init
Windows version can be determined in partial init provided a physical
address is given to the kernel
Hypervisor support:
Xen improvements tracking 4.1.x, 4.2.x, and 4.3.x
Qemu 1.2.0 patch for KVM integration
Bug Fixes:
Volatility integration via Pyvmiaddressspace
Small Linux offset finder updates
Linux PID to PGD/PGD to PID lookups
Windows PID to PGD lookup
Proper behavior on systems lacking MAP_POPULATE
Compile failures when caching was disabled
Improved Xen domain ID validation
Windows EPROCESS list search offset corrected
Virtual address translation for Windows VMs with small amounts of RAM
Many compile warnings, etc.
Other features:
Several new pieces of example code
Basic C++ support (header improvements)
Improved Python bindings for LibVMI
Alternative Fuse integration in C (exposes VM memory as a pseudofile)
Release 0.8 - 2012-03-21
Support for 64-bit guests
Linux process name offset no-longer hard-coded, added to config file
Improved glib version compatibility
Improved Xen version compatibility
Many new registers that you can access
Improved Volatility integration
Exposed some cache handling to users
Improved page cache performance
Many bug fixes
Release 0.6 - 2011-10-20
Debut of LibVMI, the successor to XenAccess
Continues to work with Xen and physical memory snapshots
Provides initial support for KVM
Variety of changes to the API and internals
LibVMI is released under the LGPL license (compared to the GPL of XenAccess)
To transition to LibVMI from XenAccess, please see the transition
documentation:
http://code.google.com/p/vmitools/wiki/TransitionFromXenAccess
--------------------------------------------------------------------------------
LibVMI supersedes XenAccess. Above this line is exclusively LibVMI.
--------------------------------------------------------------------------------
Release 0.5 - 2009-01-05
Greatly improved support for Windows domains
Support for newer versions of Xen
Support for viewing raw memory files
New tools directory with adapters for Python and Volatility
Updated documentation
Many bug fixes